diff options
Diffstat (limited to 'src/node_http2.cc')
-rw-r--r-- | src/node_http2.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/node_http2.cc b/src/node_http2.cc index 63617cfd9f..058ae1f190 100644 --- a/src/node_http2.cc +++ b/src/node_http2.cc @@ -1017,6 +1017,10 @@ int Http2Session::OnInvalidFrame(nghttp2_session* handle, Http2Session* session = static_cast<Http2Session*>(user_data); Debug(session, "invalid frame received, code: %d", lib_error_code); + if (session->invalid_frame_count_++ > 1000 && + !IsReverted(SECURITY_REVERT_CVE_2019_9514)) { + return 1; + } // If the error is fatal or if error code is ERR_STREAM_CLOSED... emit error if (nghttp2_is_fatal(lib_error_code) || |